PayPal Spoofs

[cwoody]

Recently I have noticed an increased number of attempts to illegally solicit my Citibank account information. For those of you who also receive these emails and would like to help Citibank follow up on this matter, original emails and header information can be forwarded directly to emailspoof[at]citigroup.com .

[cwoody]

As with my CitiBank Post, attempts to illegally solicit PayPal account information can be forwarded along with header information to spoof[at]paypal.com . I'd like nothing more than to catch a few of these criminals. Thank you for your help.

[Wazoo]

These postings have no direct relationship to a SpamCop Filtered E-mail Account, so .... Merged them into one Topic, Moved them to the Lounge.

I had added "Phish" to the Glossary a while back, the FAQ contains a link to "Marjolein's Ban spam page" and the "Anti-Phishing Working Group" for a couple of examples of other folks, other places for more data.

cwoody PM'd to advise of the Move/Merge.

[cwoody]

These postings have no direct relationship to a SpamCop Filtered E-mail Account, so .... Merged them into one Topic, Moved them to the Lounge.

I had added "Phish" to the Glossary a while back, the FAQ contains a link to "Marjolein's Ban spam page" and the "Anti-Phishing Working Group" for a couple of examples of other folks, other places for more data.

cwoody PM'd to advise of the Move/Merge.

19700[/snapback]

Thank you for forwarding my posts appropriately Wazoo.

[StevenUnderwood]

I would not be all that excited about the "emailspoof[at]citigroup.com " email address. I have not received any answer to my queries there.

I have sent several there the last few months after trying to get an answer via their support number about a monthly email I am receiving and they told me to forward it there.

I believe this message is valid, but the web site it is directing me to is NOT a citibank URL. Nobody there seems to be able to answer my questions. I have not reported it, but am beginning to want to so someone takes notice.

[btech]

I would not be all that excited about the "emailspoof[at]citigroup.com " email address.  I have not received any answer to my queries there.

I have sent several there the last few months after trying to get an answer via their support number about a monthly email I am receiving and they told me to forward it there. 

I believe this message is valid, but the web site it is directing me to is NOT a citibank URL.  Nobody there seems to be able to answer my questions. I have not reported it, but am beginning to want to so someone takes notice.

19729[/snapback]

Same here. I posted a phishing complain/heads up directly on their site, by pasting the entire email, but never heard back. Not sure if this is their MO or they just don't care to reply to concerned citizens.

[StevenUnderwood]

or concerned customers

[Jeff G.]

or concerned customers

19796[/snapback]

Have you tried calling them or walking into your branch with a printout of the phishing attempt?

[StevenUnderwood]

Have you tried calling them or walking into your branch with a printout of the phishing attempt?

Calling them is what started the process. I don;t have a local branch and this is for my mortgage which they purchased (not my choice).

I called them and said I have been getting these monthly messages saying my account information is ready, but none of the web pages actually point to citi* web pages like if I do it manually.

Their reply was to send the message to the emailspoof address.

This has happened for 4 months in a row. I now know it is probably legitimate, but I am not going to click on the link to find out. I do it the hard way, pulling the link from my favorites. I would like them to change their links, but they don't seem to care.

[Wazoo]

What is the link involved?

[StevenUnderwood]

Will get it and post when I get home.

[cwoody]

Calling them is what started the process.  I don;t have a local branch and this is for my mortgage which they purchased (not my choice).

I called them and said I have been getting these monthly messages saying my account information is ready, but none of the web pages actually point to citi* web pages like if I do it manually.

Their reply was to send the message to the emailspoof address.

This has happened for 4 months in a row.  I now know it is probably legitimate, but I am not going to click on the link to find out.  I do it the hard way, pulling the link from my favorites.  I would like them to change their links, but they don't seem to care.

19827[/snapback]

I don't know if this helps, but Citibank publishes a list of their legitimate links at http://www.citibank.com/domain/spoof/citi_urls.htm

[Jeff G.]

cwoody, thanks for that URL. It is interesting that, while the web sites listed are NOT spoofs, the page title is "Spoof web sites".

A more appropriate title would be "URLs Citibank or CitiGroup Might Email You".

[cwoody]

cwoody, thanks for that URL.  It is interesting that, while the web sites listed are NOT spoofs, the page title is "Spoof web sites". 

A more appropriate title would be "URLs Citibank or CitiGroup Might Email You".

19931[/snapback]

I AGREE. I had the same thought when I first read the page.

[StevenUnderwood]

That site is the EXACT reason I started following up on this issue.

The "visible links" point to places like citibank.com but all of the links are being sent to citi.bridgetrak.com (i.e. they are breaking their own rules).

I have submitted a report so you can see the source. Will post a link as soon as it comes through the parser (why is it always slower when you are waiting on it )

http://mailsc.spamcop.net/sc?id=z690684371...8b19019c543106z

[Jeff G.]

This is definitely a spoof attempt. domains[at]spidergate.net, postmaster[at]spidergate.net, abuse[at]spidergate.net, abuse[at]mci.com, reportphishing[at]antiphishing.org, and spam[at]ftc.gov should also be contacted about it.

[Wazoo]

A more appropriate title would be "URLs Citibank or CitiGroup Might Email You".

I was thinking more along the lines of "we only want the young and upwardly mobile with good benefits and excellent vision! .. and for you ignorant newbies, we're only going to make it look like you could click on these links ... call your ISP if they don't work!"

That site is the EXACT reason I started following up on this issue.

The "visible links" point to places like citibank.com but all of the links are being sent to citi.bridgetrak.com (i.e. they are breaking their own rules).

Thanks. On one hand, how so few would notice this issue, wondering just how many folks you could complain to before you found one that believe you, much less understand you. I remember years back trying to find out who the hell akamai was, and I don't recall ever getting an answer back from anyone I queried on just how that outfit was associated with those other sites (and there was no www.akamai.com/org/net site at the time) Folks seem so amazed to fire up a system here and see blank web pages, broken / no graphics on others, only partial loads on others, hear me bitching about hitting a page and having to do a zillion mouse-clicks to deny the crap offered up when all I want to see is two lines of text .... on and on ..

11/09/04 21:47:49 whois citi.bridgetrack.com

Registrant:

Planning Group International (BRIDGETRACK-DOM)

12910 SW 89 Court

Miami, FL 33176

Domain Name: BRIDGETRACK.COM

Administrative Contact, Technical Contact:

Spidergate Media Group (DA19736-OR) domains[at]SPIDERGATE.NET

12910 SW 89TH CT

MIAMI, FL 33176-5803

US

3052530100 fax: ïÿùÐ

Record expires on 09-Nov-2010.

Record created on 09-Nov-1999.

Planning Group International is a licensee of the TRUSTe Privacy Program.

If you would like to opt-out of our online tracking, http: // citi.bridgetrack.com/optout.htm

(Boy, does that give you a warm feeling or what?)

Hit about a dozen web pages there and found no reference at all back to citibank ... interesting ...

[StevenUnderwood]

This is definitely a spoof attempt.  domains[at]spidergate.net, postmaster[at]spidergate.net, abuse[at]spidergate.net, abuse[at]mci.com, reportphishing[at]antiphishing.org, and spam[at]ftc.gov should also be contacted about it.

19948[/snapback]

I am not convinced of that since I never got one before I "bought" by citimortgage and get them regularly, one per month, ONLY when my account has been updated (confirmed through their official web portal entrance).

My feeling is that someone has farmed out the emailing of these monthly letters and is not following company policy in doing so.

But the indecision here, among people nervous about this stuff as I am, is making me think I need a more direct approach (higher up the chain) to get my point across. THANK YOU all for the additional insight. I will keep you informed if I get anywhere.